Coder Social home page Coder Social logo

dallen4 / deadrop Goto Github PK

View Code? Open in Web Editor NEW
2.0 2.0 1.0 2.17 MB

e2e encrypted secret sharing

Home Page: https://deadrop.io

License: GNU General Public License v3.0

JavaScript 5.29% TypeScript 93.13% MDX 1.58%
encryption peer-to-peer peerjs secrets secrets-management secrets-sharing web-crypto web-cryptography web-cryptography-api webrtc

deadrop's People

Contributors

dallen4 avatar

Stargazers

 avatar  avatar

Watchers

 avatar  avatar

Forkers

yd-915

deadrop's Issues

User System

A user system is needed to authenticate users for future features and/or enhancements such as:

  • captcha bypass
  • personal drop URL (deprioritized)
  • premium and/or paid features

To be developed using NextAuth.js with initial support for Google and GitHub flows.

Configurable Drop Options

Requirements

  • allow drop options to be configured via modal
  • track drop options in redis
  • return drop options as static props for /grab page

Device Vault

Overview

To streamline repeat secret-sharing and simplify the UX, it would be good to have a device-level vault that stores secrets using password-based encryption. This would allow users to have secrets more readily available to drop.

Requirements

  • encrypted read/write to device data store
    • IndexedDB, fallback to local storage
  • implement UI for creating and managing vaults

Drop Links w/o Real-time Handoff

In the future, it may be of interest to users to be able to create a link that others can use to retrieve a secret without peer-to-peer, real-time drops.

Consider password-based encryption patterns like this one.

Dynamic Drop Links

Changelog

  • implement expiring link functionality with dynamic QR code generation

Drop Authorization via SMS 2FA

Requirements

  • implement optional authorization of receiving user ("grabber") by leveraging SMS verification code sent to number provided by sender ("dropper")

Refactor Crypto to Shared

Requirements

  • refactor cryptographic functionality from web application workspace to shared so it can be leveraged by cli implementation workplace

Benefits

  • unified functionality for higher code reusability

Navigation Not Blocked When Peer Active

Description

Currently, the beforeunload event is used to block navigation away from a /drop or /grab page when an active peer connection is open. This is to avoid weird UX and dropped or dangling WebRTC and WebSocket connections.

However, because of how Next.js navigates within its framework, it does not trigger the beforeunload event when navigating and thus doesn't block navigation or cleanup peer connections before leaving the page.

Solution

A blocking approaching using an event listener on Next.js' Router should be able to provide the desired functionality.

PWA Support

Implement PWA support for web application to be saved to mobile home screens

CLI MVP

Requirements

Cross-platform binary executable CLI that provides functionality for dropping (sending) and grabbing (receiving) secrets using existing infrastructure.

Premium Features

Requirements

  • determine user system
  • implement tiered functionality for premium subscribers

VS Code Extension

Requirements

  • implement drop and grab features within a VS Code Extention

File Drops

Requirements

  • extend drop functionality to be able to send .json, .env, .yml, and .txt files

Session Expiration

Requirements

  • implement delete call for session at end of drop
  • implement expiry time option so redis holds session for longer than 5 mins

Investigate CLI

Requirements

  • look into implementing deaddrop as a CLI leveraging Node.JS crypto module

References

Multi-user Drops

Requirements

  • allow for multiple receiving users ("grabbers") to connect to the same drop instance ("dropper")
  • allow dropper to configure max connections

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.